[[!meta title="Erase memory: the memtest86+ way"]]

Rationale
=========

Memory erasure on shutdown is currently buggy. Sdmem and the Linux memtest
implementation are failing. But a program exists that is actually dedicated to
memory testing, and that thus has access to most (if not all) available memory:
[memtest86+](http://www.memtest.org/). This is research into using a modified
memtest86+ to erase memory.

Adapting memtest
================

We started from memtest86+ version 4.20 available at
<http://www.memtest.org/download/4.20/memtest86+-4.20.tar.gz>.

Executing a single test
-----------------------

We patched memtest86+ to execute a single test, and then reboot. We chose
test #1 "Address test, own address", but a quicker one could probably be chosen.

The corresponding patchset:

[0001-Do-only-one-test-and-hopefully-reboot.patch](https://labs.riseup.net/code/attachments/312/0001-Do-only-one-test-and-hopefully-reboot.patch)

Nice display
------------

We patched memtest86+ to only display "Memory wipe, please wait..." with a
progress bar, and then report success.

The corresponding patchset:

- [0002-Only-write-a-nice-title.patch](https://labs.riseup.net/code/attachments/314/0002-Only-write-a-nice-title.patch)
- [0003-Remove-most-colors.patch](https://labs.riseup.net/code/attachments/315/0003-Remove-most-colors.patch)
- [0004-Actually-writes-the-progress-bar-and-move-it-up.patch](https://labs.riseup.net/code/attachments/320/0004-Actually-writes-the-progress-bar-and-move-it-up.patch)
- [0005-Display-message-at-the-end.patch](https://labs.riseup.net/code/attachments/322/0005-Display-message-at-the-end.patch)

A screenshot:

<img src="https://labs.riseup.net/code/attachments/323/memwipe.png">

Unfortunately, this is useless: when kexec launches memtest from Tails, the
video mode is not native and nothing is displayed.

Left to do
----------

- Actually halt the machine
- Choose or write a quicker test
- Disable keyboard shortcuts


Integrating into Tails
=======================

We patched Tails experimental to kexec into our modified memtest86+ instead of
into Linux on shutdown. The `memtest` binary built on Tails from upstream with our
patches applied is correctly recognised by kexec. Note that we did not manage to
kexec into a memtest built on another OS.

The corresponding patchset:

- [0001-Test-memory-wipe-with-memtest86.patch](https://labs.riseup.net/code/attachments/313/0001-Test-memory-wipe-with-memtest86.patch)

Testing procedure
=================

We launched the system under test with qemu or VirtualBox. We dumped the RAM just
before shutdown, then again after the machine halted.

With qemu, one should start the system to test with `-no-shutdown`, e.g.:

    qemu -enable-kvm -snapshot -m 2048 -no-shutdown -cdrom tails-i386-experimental-0.12.1-20120816.iso

We launched 4 `fillram` processes in parallel, watching them with `top` and
waiting for them to be killed by the OOM killer. At least one terminated with
`MemoryError`. Fillram fills the RAM with the pattern `wipe_didnt_work\n`.

Then we dumped RAM with the following command in the qemu console (CTRL+ALT+2). Note
that the end address must be adapted to the amount of RAM available in the VM:

    pmemsave 0 0x80000000 before.dump

Then shut down Tails by pressing the red button, and once the machine has halted, dump
the RAM again:

    pmemsave 0 0x80000000 after.dump

Then we count the occurrences of the pattern in each memory dump:

    grep -c wipe_didnt_work before.dump
    grep -c wipe_didnt_work after.dump
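
The counting step can also report where the surviving markers sit and derive the percentages used in the results table. The following is an added example, not part of the original page or of Tails: the names `scan_dump`, `wipe_stats` and `demo` are hypothetical, the sample dumps are constructed, and the `%wipe` formula is an assumption inferred from the sdmem+kexec rows of the table.

```python
import io

PATTERN = b"wipe_didnt_work\n"  # 16-byte marker written by fillram (from the page)

def scan_dump(stream, chunk_size=1 << 20):
    """Return (total_bytes, pattern_bytes, regions) for a raw memory dump.
    regions lists (offset, length) runs of back-to-back markers."""
    plen = len(PATTERN)
    total = hits = base = 0   # base: absolute offset of the first byte in tail
    regions, tail = [], b""   # tail: unscanned bytes carried across chunks
    while chunk := stream.read(chunk_size):
        total += len(chunk)
        buf, pos = tail + chunk, 0
        while (i := buf.find(PATTERN, pos)) >= 0:
            off = base + i
            if regions and sum(regions[-1]) == off:   # contiguous with previous run
                regions[-1] = (regions[-1][0], regions[-1][1] + plen)
            else:
                regions.append((off, plen))
            hits += 1
            pos = i + plen
        # Keep bytes that could still begin a marker split across two chunks.
        keep = max(pos, len(buf) - (plen - 1))
        tail, base = buf[keep:], base + keep
    return total, hits * plen, regions

def wipe_stats(before, after):
    """Percentages as in the results table, from two scan_dump() results.
    Assumed formula: %wipe = 1 - (pattern bytes after / pattern bytes before)."""
    ram, pat_before, _ = before
    _, pat_after, _ = after
    wiped = 100.0 * (1 - pat_after / pat_before) if pat_before else 0.0
    return {"pct_before": 100.0 * pat_before / ram,
            "pct_after": 100.0 * pat_after / ram,
            "pct_wiped": wiped}

def demo():
    # Constructed sample dumps (4 KiB each), not real pmemsave output.
    before = b"\x00" * 512 + PATTERN * 200 + b"\x00" * 384
    after = bytearray(4096)
    after[0x400:0x400 + 240] = PATTERN * 15   # 240 surviving bytes
    # A tiny chunk size forces markers to straddle chunk boundaries.
    b = scan_dump(io.BytesIO(before), chunk_size=100)
    a = scan_dump(io.BytesIO(bytes(after)), chunk_size=100)
    return b, a, wipe_stats(b, a)

if __name__ == "__main__":
    b, a, stats = demo()
    print("surviving regions:", [(hex(o), n) for o, n in a[2]])
    print({k: round(v, 3) for k, v in stats.items()})
```

For real dumps, pass `open("before.dump", "rb")` and `open("after.dump", "rb")` to `scan_dump`; the region offsets are physical addresses because `pmemsave` starts at 0.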

Testing results
===============

    Machine             RAM         Patterns                %patterns               %wipe
                                    before wipe after wipe  before wipe after wipe

    Tails sdmem+kexec   2147483648   1772984624    17168336 82,561%     0,799%      99,032%

    Tails memwipe+kexec 2147483648   1755221472         240 81,734%     <0,001%     >0,999%

    Tails sdmem+kexec   8589934592   3243648688  1128607952 37,761%     13,139%     65,206%

    Tails memwipe+kexec 8589934592   3372274816         240 39,258%     <0,001%     >0,999%

    Units: bytes

    Resolution: 16-byte accuracy

Memwipe erases memory better than the current Tails implementation.
There is a remaining area of 240 bytes that does not get erased.

Conclusion
==========

Of the memory wipe approaches we know about, this one is the most efficient we
have experimented with.

Pros:

- We have something that works better than any other method we know about.

Cons:

- There is still a small amount of memory not wiped.
- We have to maintain a patchset. However, there has been only one memtest86+ release
  per year since 2009.
- There is no output on screen, and it may be difficult to fix.


